In contact with

How to implement simultaneous authorization through Vkontakte on the website and in the mobile application using the VK SDK?

We have a site on which authorization through Vkontakte works.
We write applications for iOS and Android that implement the functionality of the site on devices.
I would like to make authorization through VK in applications using the VK SDK for platforms, because this will be as convenient as possible for users: if the VK application is already installed on the device, then the user will not need to log in to VK in a mobile browser, they will only need to confirm authorization in our application.
Everything would be fine if the user only needed to be authorized in the application. But you also need to notify the site that the user has logged in, add him to us if he has not yet been, keep a history of his actions, etc.
VK SDK returns a token with which you can go to the VK API, but this token is valid only from the IP from which it was received, i.e. transfer it to the site and the server will not do the necessary actions.
It would be possible to get all the necessary information from the API in the application and give it to the site, but then it turns out that there is no verification on the side of the site. You can send him anything under the guise of a VK user profile.
How to be? Maybe somehow you can get a token that is valid for any IP? Or maybe somehow you can verify the connection between the token and the Vkontakte user ID?
Or am I going down the wrong path altogether, and for such a task I need to use a radically different approach?
Thank you!